escape_utils 0.1.5 → 0.1.6

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 0.1.5 (September 6th, 2010)
+* support for URI escaping added (thanks to @joshbuddy)
+* bugfix to ensure we don't drop opening tags during escape_javascript (thanks to @nagybence)
+
 ## 0.1.5 (July 13th, 2010)
 * add URL escaping and unescaping
 * major refactor of HTML and Javascript escaping and unescaping logic for a decent speed up

data/VERSION

@@ -1 +1 @@
-0.1.5
+0.1.6

data/escape_utils.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{escape_utils}
-  s.version = "0.1.5"
+  s.version = "0.1.6"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Brian Lopez"]
-  s.date = %q{2010-07-13}
+  s.date = %q{2010-09-06}
   s.email = %q{seniorlopez@gmail.com}
   s.extensions = ["ext/extconf.rb"]
   s.extra_rdoc_files = [
@@ -41,16 +41,19 @@ Gem::Specification.new do |s|
      "lib/escape_utils/url/cgi.rb",
      "lib/escape_utils/url/erb.rb",
      "lib/escape_utils/url/rack.rb",
+     "lib/escape_utils/url/uri.rb",
      "spec/html/escape_spec.rb",
      "spec/html/unescape_spec.rb",
      "spec/html_safety_spec.rb",
      "spec/javascript/escape_spec.rb",
      "spec/javascript/unescape_spec.rb",
+     "spec/query/escape_spec.rb",
+     "spec/query/unescape_spec.rb",
      "spec/rcov.opts",
      "spec/spec.opts",
      "spec/spec_helper.rb",
-     "spec/url/escape_spec.rb",
-     "spec/url/unescape_spec.rb"
+     "spec/uri/escape_spec.rb",
+     "spec/uri/unescape_spec.rb"
   ]
   s.homepage = %q{http://github.com/brianmario/escape_utils}
   s.rdoc_options = ["--charset=UTF-8"]
@@ -63,9 +66,11 @@ Gem::Specification.new do |s|
      "spec/html_safety_spec.rb",
      "spec/javascript/escape_spec.rb",
      "spec/javascript/unescape_spec.rb",
+     "spec/query/escape_spec.rb",
+     "spec/query/unescape_spec.rb",
      "spec/spec_helper.rb",
-     "spec/url/escape_spec.rb",
-     "spec/url/unescape_spec.rb"
+     "spec/uri/escape_spec.rb",
+     "spec/uri/unescape_spec.rb"
   ]
 
   if s.respond_to? :specification_version then

data/ext/escape_utils.c

@@ -7,6 +7,8 @@ static rb_encoding *utf8Encoding;
 #define IS_HEX(c) (c >= 48 || c <= 57) && (c >= 65 || c <= 70) && (c >= 97 || c <= 102)
 #define NOT_HEX(c) (c < 48 || c > 57) && (c < 65 || c > 90) && (c < 97 || c > 122)
 #define UNHEX(c) (c >= '0' && c <= '9' ? c - '0' : c >= 'A' && c <= 'F' ? c - 'A' + 10 : c - 'a' + 10)
+#define URI_SAFE(c) (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= 38 && c <= 47) || c == 33 || c == 36 || c == 58 || c == 59 || c == 61 || c == 63 || c == 64 || c == 91 || c == 93 || c == 95 || c == 126
+//              \.:\/?\[\]\-_~\!\$&'\(\)\*\+,;=@
 
 static size_t escape_html(unsigned char *out, const unsigned char *in, size_t in_len) {
   size_t total = 0;
@@ -112,8 +114,9 @@ static size_t escape_javascript(unsigned char *out, const unsigned char *in, siz
       total++;
       break;
     case '<':
+      *out++ = '<';
       if (*in == '/') {
-        *out++ = '<'; *out++ = '\\'; *out++ = '/';
+        *out++ = '\\'; *out++ = '/';
         in++; in_len--;
         total++;
       }
@@ -234,6 +237,51 @@ static size_t unescape_url(unsigned char *out, const unsigned char *in, size_t i
   return total;
 }
 
+static size_t escape_uri(unsigned char *out, const unsigned char *in, size_t in_len) {
+  size_t total = 0;
+  unsigned char curChar, hex[2];
+  const unsigned char hexChars[16] = "0123456789ABCDEF";
+
+  total = in_len;
+  while (in_len) {
+    curChar = *in++;
+    if (URI_SAFE(curChar)) {
+        *out++ = curChar;
+    } else {
+        hex[1] = hexChars[curChar & 0x0f];
+        hex[0] = hexChars[(curChar >> 4) & 0x0f];
+        *out++ = '%'; *out++ = hex[0]; *out++ = hex[1];
+        total += 2;
+    }
+    in_len--;
+  }
+
+  return total;
+}
+
+static size_t unescape_uri(unsigned char *out, const unsigned char *in, size_t in_len) {
+  size_t total = 0, len = in_len;
+  unsigned char curChar, *start;
+
+  start = (unsigned char *)&in[0];
+  total = in_len;
+  while (len) {
+    curChar = *in++;
+    if (curChar == '%') {
+      if ((in-start)+2 <= in_len && IS_HEX(*in) && IS_HEX(*(in+1))) {
+        *out++ = (UNHEX(*in) << 4) + UNHEX(*(in+1));
+        in+=2;
+        total-=2;
+      }
+    } else {
+      *out++ = curChar;
+    }
+    len--;
+  }
+
+  return total;
+}
+
 static VALUE rb_escape_html(VALUE self, VALUE str) {
   Check_Type(str, T_STRING);
 
@@ -452,6 +500,76 @@ static VALUE rb_unescape_url(VALUE self, VALUE str) {
   return rb_output_buf;
 }
 
+static VALUE rb_escape_uri(VALUE self, VALUE str) {
+  Check_Type(str, T_STRING);
+
+  VALUE rb_output_buf;
+#ifdef HAVE_RUBY_ENCODING_H
+  rb_encoding *default_internal_enc = rb_default_internal_encoding();
+  rb_encoding *original_encoding = rb_enc_get(str);
+#endif
+  unsigned char *inBuf = (unsigned char*)RSTRING_PTR(str);
+  size_t len = RSTRING_LEN(str), new_len = 0;
+
+  // this is the max size the string could be
+  // TODO: we should try to be more intelligent about this
+  unsigned char *outBuf = (unsigned char *)malloc(sizeof(unsigned char *)*(len*3));
+
+  // perform our escape, returning the new string's length
+  new_len = escape_uri(outBuf, inBuf, len);
+
+  // create our new ruby string
+  rb_output_buf = rb_str_new((char *)outBuf, new_len);
+
+  // free the temporary C string
+  free(outBuf);
+
+#ifdef HAVE_RUBY_ENCODING_H
+  rb_enc_associate(rb_output_buf, original_encoding);
+  if (default_internal_enc) {
+    rb_output_buf = rb_str_export_to_enc(rb_output_buf, default_internal_enc);
+  } else {
+    rb_output_buf = rb_str_export_to_enc(rb_output_buf, utf8Encoding);
+  }
+#endif
+  return rb_output_buf;
+}
+
+static VALUE rb_unescape_uri(VALUE self, VALUE str) {
+  Check_Type(str, T_STRING);
+
+  VALUE rb_output_buf;
+#ifdef HAVE_RUBY_ENCODING_H
+  rb_encoding *default_internal_enc = rb_default_internal_encoding();
+  rb_encoding *original_encoding = rb_enc_get(str);
+#endif
+  unsigned char *inBuf = (unsigned char*)RSTRING_PTR(str);
+  size_t len = RSTRING_LEN(str), new_len = 0;
+
+  // this is the max size the string could be
+  // TODO: we should try to be more intelligent about this
+  unsigned char *outBuf = (unsigned char *)malloc(sizeof(unsigned char *)*len);
+
+  // perform our escape, returning the new string's length
+  new_len = unescape_uri(outBuf, inBuf, len);
+
+  // create our new ruby string
+  rb_output_buf = rb_str_new((char *)outBuf, new_len);
+
+  // free the temporary C string
+  free(outBuf);
+
+#ifdef HAVE_RUBY_ENCODING_H
+  rb_enc_associate(rb_output_buf, original_encoding);
+  if (default_internal_enc) {
+    rb_output_buf = rb_str_export_to_enc(rb_output_buf, default_internal_enc);
+  } else {
+    rb_output_buf = rb_str_export_to_enc(rb_output_buf, utf8Encoding);
+  }
+#endif
+  return rb_output_buf;
+}
+
 /* Ruby Extension initializer */
 void Init_escape_utils_ext() {
   VALUE mEscape = rb_define_module("EscapeUtils");
@@ -467,8 +585,13 @@ void Init_escape_utils_ext() {
   rb_define_module_function(mEscape,  "escape_url",           rb_escape_url, 1);
   rb_define_method(mEscape,           "unescape_url",         rb_unescape_url, 1);
   rb_define_module_function(mEscape,  "unescape_url",         rb_unescape_url, 1);
+  rb_define_method(mEscape,           "escape_uri",           rb_escape_uri, 1);
+  rb_define_module_function(mEscape,  "escape_uri",           rb_escape_uri, 1);
+  rb_define_method(mEscape,           "unescape_uri",         rb_unescape_uri, 1);
+  rb_define_module_function(mEscape,  "unescape_uri",         rb_unescape_uri, 1);
 
 #ifdef HAVE_RUBY_ENCODING_H
   utf8Encoding = rb_utf8_encoding();
 #endif
-}
+}
+

data/lib/escape_utils.rb

@@ -4,7 +4,7 @@ require 'escape_utils_ext'
 
 EscapeUtils.send(:extend, EscapeUtils)
 module EscapeUtils
-  VERSION = "0.1.5"
+  VERSION = "0.1.6"
 
   autoload :HtmlSafety, 'escape_utils/html_safety'
 end

data/lib/escape_utils/html/cgi.rb

@@ -7,7 +7,7 @@ class CGI
     alias escapeHTML _escape_html
 
     def unescapeHTML(s)
-      EscapeUtils.unescape_html(s)
+      EscapeUtils.unescape_html(s.to_s)
     end
   end
 end

data/lib/escape_utils/url/cgi.rb

@@ -2,9 +2,9 @@
 
 class CGI
   def self.escape(s)
-    EscapeUtils.escape_url(s)
+    EscapeUtils.escape_url(s.to_s)
   end
   def self.unescape(s)
-    EscapeUtils.unescape_url(s)
+    EscapeUtils.unescape_url(s.to_s)
   end
 end

data/lib/escape_utils/url/erb.rb

@@ -3,7 +3,7 @@
 class ERB
   module Util
     def url_encode(s)
-      EscapeUtils.escape_url(s)
+      EscapeUtils.escape_url(s.to_s)
     end
     alias u url_encode
     module_function :u

data/lib/escape_utils/url/rack.rb

@@ -3,10 +3,10 @@
 module Rack
   module Utils
     def escape(url)
-      EscapeUtils.escape_url(url)
+      EscapeUtils.escape_url(url.to_s)
     end
     def unescape(url)
-      EscapeUtils.unescape_url(url)
+      EscapeUtils.unescape_url(url.to_s)
     end
     module_function :escape
     module_function :unescape

data/lib/escape_utils/url/uri.rb

@@ -0,0 +1,10 @@
+# encoding: utf-8
+
+module URI
+  def self.escape(s, unsafe=nil)
+    EscapeUtils.escape_uri(s.to_s)
+  end
+  def self.unescape(s)
+    EscapeUtils.unescape_uri(s.to_s)
+  end
+end

data/spec/javascript/escape_spec.rb

@@ -20,7 +20,7 @@ describe EscapeUtils, "escape_javascript" do
   end
 
   it "should escape closed html tags" do
-    EscapeUtils.escape_javascript(%(dont </close> tags)).should eql(%(dont <\\/close> tags))
+    EscapeUtils.escape_javascript(%(keep <open>, but dont </close> tags)).should eql(%(keep <open>, but dont <\\/close> tags))
   end
 
   if RUBY_VERSION =~ /^1.9/
@@ -36,4 +36,5 @@ describe EscapeUtils, "escape_javascript" do
       EscapeUtils.escape_javascript(%(dont </close> tags)).encoding.should eql(Encoding.default_internal)
     end
   end
-end
+end
+

data/spec/uri/escape_spec.rb

@@ -0,0 +1,52 @@
+# encoding: UTF-8
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
+
+describe EscapeUtils, "escape_uri" do
+  it "should respond to escape_uri" do
+    EscapeUtils.should respond_to(:escape_uri)
+  end
+
+  it "should escape a basic url" do
+    EscapeUtils.escape_uri("http://www.homerun.com/").should eql("http://www.homerun.com/")
+  end
+
+  # NOTE: from Rack's test suite
+  it "should escape a url containing tags" do
+    EscapeUtils.escape_uri("fo<o>bar").should eql("fo%3Co%3Ebar")
+  end
+
+  # NOTE: from Rack's test suite
+  it "should escape a url with spaces" do
+    EscapeUtils.escape_uri("a space").should eql("a%20space")
+    EscapeUtils.escape_uri("a   sp ace ").should eql("a%20%20%20sp%20ace%20")
+  end
+
+  # NOTE: from Rack's test suite
+  it "should escape a string of mixed characters" do
+    EscapeUtils.escape_uri("q1!2\"'w$5&7/z8)?\\").should eql("q1!2%22'w$5&7/z8)?%5C")
+  end
+
+  # NOTE: from Rack's test suite
+  it "should escape correctly for multibyte characters" do
+    matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsumoto
+    matz_name.force_encoding("UTF-8") if matz_name.respond_to? :force_encoding
+    EscapeUtils.escape_uri(matz_name).should eql('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8')
+    matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsu moto
+    matz_name_sep.force_encoding("UTF-8") if matz_name_sep.respond_to? :force_encoding
+    EscapeUtils.escape_uri(matz_name_sep).should eql('%E3%81%BE%E3%81%A4%20%E3%82%82%E3%81%A8')
+  end
+
+  if RUBY_VERSION =~ /^1.9/
+    it "should default to utf-8 if Encoding.default_internal is nil" do
+      Encoding.default_internal = nil
+      EscapeUtils.escape_uri("http://www.homerun.com/").encoding.should eql(Encoding.find('utf-8'))
+    end
+
+    it "should use Encoding.default_internal" do
+      Encoding.default_internal = Encoding.find('utf-8')
+      EscapeUtils.escape_uri("http://www.homerun.com/").encoding.should eql(Encoding.default_internal)
+      Encoding.default_internal = Encoding.find('us-ascii')
+      EscapeUtils.escape_uri("http://www.homerun.com/").encoding.should eql(Encoding.default_internal)
+    end
+  end
+end

data/spec/uri/unescape_spec.rb

@@ -0,0 +1,55 @@
+# encoding: UTF-8
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
+
+describe EscapeUtils, "unescape_uri" do
+  it "should respond to unescape_uri" do
+    EscapeUtils.should respond_to(:unescape_uri)
+  end
+
+  it "should unescape a basic url" do
+    EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").should eql("http://www.homerun.com/")
+    EscapeUtils.unescape_uri("http://www.homerun.com/").should eql("http://www.homerun.com/")
+  end
+
+  # NOTE: from Rack's test suite
+  it "should unescape a url containing tags" do
+    EscapeUtils.unescape_uri("fo%3Co%3Ebar").should eql("fo<o>bar")
+  end
+
+  # NOTE: from Rack's test suite
+  it "should unescape a url with spaces" do
+    EscapeUtils.unescape_uri("a%20space").should eql("a space")
+    EscapeUtils.unescape_uri("a%20%20%20sp%20ace%20").should eql("a   sp ace ")
+    EscapeUtils.unescape_uri("a+space").should eql("a+space")
+  end
+
+  # NOTE: from Rack's test suite
+  it "should unescape a string of mixed characters" do
+    EscapeUtils.unescape_uri("q1%212%22%27w%245%267%2Fz8%29%3F%5C").should eql("q1!2\"'w$5&7/z8)?\\")
+    EscapeUtils.unescape_uri("q1!2%22'w$5&7/z8)?%5C").should eql("q1!2\"'w$5&7/z8)?\\")
+  end
+
+  # NOTE: from Rack's test suite
+  it "should unescape correctly for multibyte characters" do
+    matz_name = "\xE3\x81\xBE\xE3\x81\xA4\xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsumoto
+    matz_name.force_encoding("UTF-8") if matz_name.respond_to? :force_encoding
+    EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%E3%82%82%E3%81%A8').should eql(matz_name)
+    matz_name_sep = "\xE3\x81\xBE\xE3\x81\xA4 \xE3\x82\x82\xE3\x81\xA8".unpack("a*")[0] # Matsu moto
+    matz_name_sep.force_encoding("UTF-8") if matz_name_sep.respond_to? :force_encoding
+    EscapeUtils.unescape_uri('%E3%81%BE%E3%81%A4%20%E3%82%82%E3%81%A8').should eql(matz_name_sep)
+  end
+
+  if RUBY_VERSION =~ /^1.9/
+    it "should default to utf-8 if Encoding.default_internal is nil" do
+      Encoding.default_internal = nil
+      EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.find('utf-8'))
+    end
+
+    it "should use Encoding.default_internal" do
+      Encoding.default_internal = Encoding.find('utf-8')
+      EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.default_internal)
+      Encoding.default_internal = Encoding.find('us-ascii')
+      EscapeUtils.unescape_uri("http%3A%2F%2Fwww.homerun.com%2F").encoding.should eql(Encoding.default_internal)
+    end
+  end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: escape_utils
 version: !ruby/object:Gem::Version 
-  hash: 17
+  hash: 23
   prerelease: false
   segments: 
   - 0
   - 1
-  - 5
-  version: 0.1.5
+  - 6
+  version: 0.1.6
 platform: ruby
 authors: 
 - Brian Lopez
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-07-13 00:00:00 -07:00
+date: 2010-09-06 00:00:00 -07:00
 default_executable: 
 dependencies: []
 
@@ -53,16 +53,19 @@ files:
 - lib/escape_utils/url/cgi.rb
 - lib/escape_utils/url/erb.rb
 - lib/escape_utils/url/rack.rb
+- lib/escape_utils/url/uri.rb
 - spec/html/escape_spec.rb
 - spec/html/unescape_spec.rb
 - spec/html_safety_spec.rb
 - spec/javascript/escape_spec.rb
 - spec/javascript/unescape_spec.rb
+- spec/query/escape_spec.rb
+- spec/query/unescape_spec.rb
 - spec/rcov.opts
 - spec/spec.opts
 - spec/spec_helper.rb
-- spec/url/escape_spec.rb
-- spec/url/unescape_spec.rb
+- spec/uri/escape_spec.rb
+- spec/uri/unescape_spec.rb
 has_rdoc: true
 homepage: http://github.com/brianmario/escape_utils
 licenses: []
@@ -104,6 +107,8 @@ test_files:
 - spec/html_safety_spec.rb
 - spec/javascript/escape_spec.rb
 - spec/javascript/unescape_spec.rb
+- spec/query/escape_spec.rb
+- spec/query/unescape_spec.rb
 - spec/spec_helper.rb
-- spec/url/escape_spec.rb
-- spec/url/unescape_spec.rb
+- spec/uri/escape_spec.rb
+- spec/uri/unescape_spec.rb